Security: Exercise: Remove XSS when displaying fill in blanks results

AngelFQC · AngelFQC · commit 1aaa53da9bc3 · 2025-06-24T11:57:57.000-05:00
diff --git a/main/exercise/fill_blanks.class.php b/main/exercise/fill_blanks.class.php
@@ -893,7 +893,7 @@ function (&$value, $key, $tabBlankChar) {
                     // should always be
                     $i++;
                 }
-                $listAnswerResults['student_answer'][] = $listAnswerResults['words'][$i];
+                $listAnswerResults['student_answer'][] = Security::remove_XSS($listAnswerResults['words'][$i]);
                 if ($i + 1 < count($listAnswerResults['words'])) {
                     // should always be
                     $i++;

Original file line number	Diff line number	Diff line change
`@@ -893,7 +893,7 @@ function (&$value, $key, $tabBlankChar) {`
`893`	`893`	`// should always be`
`894`	`894`	`$i++;`
`895`	`895`	`}`
`896`		`- $listAnswerResults['student_answer'][] = $listAnswerResults['words'][$i];`
	`896`	`+ $listAnswerResults['student_answer'][] = Security::remove_XSS($listAnswerResults['words'][$i]);`
`897`	`897`	`if ($i + 1 < count($listAnswerResults['words'])) {`
`898`	`898`	`// should always be`
`899`	`899`	`$i++;`